cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1833
Views
0
Helpful
13
Replies

monitoring session

hii all


i just want to ask , if i have switch with vlan allowed in trunk
(1-4196) when i do monitoring in access port (vlan 88) ,

i. can all the traffic from same vlan(vlan88) that the access port (vlan88) using can be monitored ?i mean all traffic include the individual ip (like 10.24.0.x (vlan 100) to 10.49.196.x(vlan 88) ) can be monitored ?even if the destination and source are different switch from the switch i monitor?

ii.this is not broadcast traffic .

please advise.

13 Replies 13

Hi

You can monitor the local vlan 88 and 100 and send the information to other interface destination located on a different switch but using RSPAN (Remote SPAN)

I recommend this link:

https://supportforums.cisco.com/document/139236/understanding-spanrspanand-erspan

Hope it is useful

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Thanks for the response, but my concern are not about rspan or span. 

It about the traffic flow inside the switchport ,traffic should be send to other switchport. I see alot non broadcast traffic that not belong to the swithport i span. Is it normal because i enable all vlan in my trunk ?

I am not sure if I understand your question correctly. So, I will answer based on span configuration examples:

monitor session 1 source vlan 88 (rx or tx or both)

- With this SPAN configuration switch will duplicate all frames that belong to vlan 88

Monitor session 1 source interface f0/1 (rx or tx or both)

- With this SPAN configuration switch will only duplicate frames that are received and transmitted on interface f0/1

I hope this answers your question

Tq , i dont span the vlan88, i span switchport which in vlan 88.

Here is my config for span

Monitor session 1 source int fa0/6

Monitor session 1 destination int fa0/7

I saw traffic from vlan 88 & 100 from this monitoring . Which is not broadcast traffic. 

And the destination of the ip address and mac at other switch.

I check my routing and spanning tree all ok.

What could be lead to this problem ?

Why do you think that's a problem? If there is communication between the host you are monitoring which is in vlan 88 to another host that's in vlan 100 that's perfectly fine. 

Unless you are seeing traffic that's not sourced by the host you are monitoring or you are receiving traffic on that port when monitored end host is not the destination. 

Unless you are seeing traffic that's not sourced by the host you are monitoring or you are receiving traffic on that port when monitored end host is not the destination. 

I saw this . 

Any problem may result to this problem ?

Can you share captured traffic that's not supposed to be received on this interface?

i wonder what will cause that situation unless there is some misconfiguaration. However, packets sent to the host when its layer 2 and 3 address is not listed in the destination address will be discarded by the host. It could be an issue if host is receiving a high amount of such traffic because it would still need to process it first before it drops it. 

here the screenshot. 

Destination and Souce address doesn't belong to the host you are monitoring ?

also can you also send complete  configuration of monitoring ? 

Also did you trace source and destination MAC address/ IP address in the screen you sent, if so do they exist on the switch you have span configured on ?

Ya correct it not belong to switchport i spanning.

It not belong to my switch that i span. It in other switch.

Please run this command on the switch you have SPAN configured on and provide the output.

show monitor session all

Well, the switchport could be communicating with other networks, but if you are monitoring a trunk you could filter the vlans to be monitored. 




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
Review Cisco Networking for a $25 gift card